Sending encrypted email

To send an encrypted email, sign in to our website or open our Hushmail for iPhone app, click the Compose button and type your message. When you’re ready to send it, make sure the Encrypted checkbox is selected. If you are sending to someone who uses Hushmail, the checkbox will be checked automatically and you can simply click the Send button.

Sending encrypted email to someone who doesn’t use Hushmail

When you send an encrypted email to someone who doesn’t use Hushmail, they will read it on a secure web page. The email will be available to them for 2 weeks.

The first time you send an encrypted email to someone who doesn’t use Hushmail, you have the option to add a security question, but you don’t have to. The recipient will receive a notification in their inbox saying they have a secure email from you, but after they click the link to see your message, they are prompted to create a passphrase, which they will be able to use to access any future encrypted emails you send them.

If you see the link to add a security question, that means that your recipient has not yet created a passphrase. In that case, anyone with access to that email account will be able to read what you send. So, if you are sending sensitive information, we highly recommend the use of the security question. Once your recipient has created a passphrase, this is not a problem, and you will no longer be shown the link to add a security question

If you use a third-party email app, such as Mac Mail or Outlook, to email someone who doesn't use Hushmail, it's sent as a regular email. To ensure you are adding an extra layer of security, use our webmail or Hushmail for iPhone app and check the Encrypted checkbox.

How to create effective security questions

Make sure only the intended recipient can correctly answer your security question, by asking questions only he or she will know the answer to. For example, “Where did we last meet?” or “What is your patient ID number?” General knowledge questions that anyone can answer, such as “What is 2 + 2?”, are not recommended. Answers are not case sensitive. Spaces, periods, commas and hyphens are ignored.

The recipient has five attempts to answer correctly before we permanently delete the message from our servers. Secure messages are deleted 14 days after they are sent.